Skip to content

Software packages

If you're still using controlled updates, read this page. Then see "How do I migrate from controlled updates?" in Software packages FAQ.


If you're compliant with the Federal Risk and Authorization Management Program (FedRAMP), you'll only see our Fixed term support and Long term support packages.

Software packages let you control when your Sophos protection software is updated.

By default, you have the Recommended package, which we update automatically. However, you can select packages that let you remain on the same version for a set time.


You still get security updates to protect you against the latest threats. Only the product features remain unchanged.

This page describes the package types and tells you how to get and manage them. If you need more help, see Software packages FAQ.

Package types

We offer the following package types:

  • Recommended: This package is automatically updated to give you our latest protection. It never expires.
  • Fixed term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 120 days after the release date but not earlier than 60 days after the next release to allow for testing.
  • Long term support: This package gives you the protection available on the release date, plus updates against new threats. It expires 18 months after the release date.


    Only use this package type on devices you can't update regularly.

  • Special: Special packages that fix specific issues. You can only get them from Sophos support. Click Add software to add a special package.

  • EAP: Sophos Early Access Program. Devices in an EAP ignore any other software package you've assigned to them until the EAP ends.

Select a package

By default, you have the Recommended package.

To select a different package for the first time, or to replace a package that's expired, do as follows:

  1. Go to My Products > Endpoint or Server.
  2. Click Policies.
  3. Select the Update management policy that applies to the devices you want to protect with the package. Click the policy to edit it.

    Endpoint policies list.

  4. Go to the Settings tab.

    Policy settings tab.

  5. In Scheduled updates, select a package in the Windows and/or Linux drop-down menus. For details of the packages, click Package details.

    You don't need to enable scheduled updates to use this option.

    Package selector.

  6. To view your selected package or packages, go to Global Settings > Administration and click Software packages.

View your packages

To view your packages, do as follows:

  1. Go to My Products > General Settings.
  2. Under Administration, click Software packages.
  3. On the Software packages page, all the available packages are shown with their start and end dates. Click the arrow next to a package to see its details.

    You can see the version of each software module that makes up the package.

    • Core: Software used by multiple modules.
    • Intercept X: Advanced threat protection.
    • Encryption
    • MDR: Managed Detection and Response.

    Package details.

  4. Click Package notes to see the release notes for your package.

    Click the Edit icon to add your own notes about the package. For example, you might add details of which users the package is for.

    Notes links.

Replace a package when it expires

When a package is due to expire, you get email notifications.

Make sure you select a new package before your current one expires. If you don’t, you'll stop getting security updates and won’t be protected against the latest threats. See Select a package.


You might still see your expired package when you go to the update management policy, but you can't select it again or select it in a new policy.